Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,440 advisories

Loading
TCPDF missing character escape on error messages Moderate
CVE-2024-56527 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
TCPDF has incorrect comparison Moderate
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
TCPDF lacks SVG sanitization Moderate
CVE-2024-56519 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
tecnickcom/tc-lib-pdf-font mishandles fonts Moderate
CVE-2024-56520 was published for tecnickcom/tc-lib-pdf-font (Composer) Dec 27, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx Moderate
CVE-2024-56364 was published for shuchkin/simplexlsx (Composer) Dec 23, 2024
shuchkin
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability Moderate
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames Moderate
CVE-2024-55889 was published for thorsten/phpmyfaq (Composer) Dec 13, 2024
geo-chen
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx Moderate
CVE-2024-55878 was published for shuchkin/simplexlsx (Composer) Dec 12, 2024
shuchkin
Withdrawn Advisory: Nette Database SQL injection Moderate
CVE-2024-55586 was published for nette/database (Composer) Dec 10, 2024 withdrawn
calvera CSIRTTrizna
Drupal core Access bypass Moderate
CVE-2024-55634 was published for drupal/core (Composer) Dec 10, 2024
Drupal Core Cross-Site Scripting (XSS) Moderate
CVE-2024-12393 was published for drupal/core (Composer) Dec 10, 2024
LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section Moderate
CVE-2024-53457 was published for librenms/librenms (Composer) Dec 6, 2024
Drupal core vulnerable to improper error handling Moderate
CVE-2024-11942 was published for drupal/core (Composer) Dec 5, 2024
ibexa/post-install affected by Breach with Varnish VCL Moderate
GHSA-4h8f-c635-25p7 was published for ibexa/post-install (Composer) Dec 2, 2024
ibexa/http-cache affected by Breach with Varnish VCL Moderate
GHSA-fh7v-q458-7vmw was published for ibexa/http-cache (Composer) Dec 2, 2024
ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL Moderate
GHSA-mgfg-7533-7jf6 was published for ezsystems/ezplatform-http-cache (Composer) Dec 2, 2024
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern Moderate
CVE-2024-53864 was published for ibexa/admin-ui (Composer) Dec 2, 2024
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages Moderate
CVE-2024-52806 was published for simplesamlphp/saml2 (Composer) Dec 2, 2024
ahacker1-securesaml
Withdrawn Advisory: Symfony http-security has authentication bypass Moderate
CVE-2024-36611 was published for symfony/security-http (Composer) Nov 29, 2024 withdrawn
jderusse
TCPDF Local File Inclusion vulnerability Moderate
CVE-2024-51058 was published for tecnickcom/tcpdf (Composer) Nov 26, 2024
Moodle IDOR when deleting OAuth2 linked accounts Moderate
CVE-2024-45690 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access Moderate
CVE-2024-45689 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle IDOR when accessing list of course badges Moderate
CVE-2024-48899 was published for moodle/moodle (Composer) Nov 20, 2024
Redaxo Core CMS Cross Site Scripting (XSS) Moderate
CVE-2024-50803 was published for redaxo/source (Composer) Nov 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database